git-pr-workflows-git-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs sub-agents to execute local code through the 'test-automator', specifically running unit, integration, and end-to-end test suites found within the repository (Phase 2.1).
- [REMOTE_CODE_EXECUTION]: By delegating to a sub-agent to run arbitrary test suites from the codebase, the skill facilitates the execution of code that may be modified by untrusted contributors, posing a risk if the repository contains malicious logic.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its processing of untrusted repository data.
  - Ingestion points: The agent reads and analyzes 'uncommitted changes', 'file lists', and 'test results' across multiple phases to generate reports and commit messages.
  - Boundary markers: The prompts do not specify delimiters or provide instructions to ignore potentially malicious commands embedded within code comments or test outputs being analyzed.
  - Capability inventory: The skill possesses significant capabilities including file system access, subprocess execution for testing, git command execution, and GitHub PR management via API/CLI.
  - Sanitization: No explicit sanitization or validation of the analyzed repository content is mentioned before it is processed by the sub-agents.